A breach of Forever 21 left consumer payment card data exposed to hackers, the retailer verified Thursday. The business didn’t specify how many customers had data stolen, but said the various point of sales computers were affected within April 3 and November 18, 2017. Hackers obtained credit card numbers, expiration dates, confirmation codes and sometimes cardholder names.
“We regret this incident happened and any concern this may have caused you,” the organization said in its notification
In its notification to consumers, Forever 21 said hackers placed malicious software on some point of sales computers in stores throughout the country. It’s an update to a November 14 announcement stating the company may have been targeted by hackers. The breach is a different example of how cybercriminals are targeting major retailers by hacking the regularities that process your credit and debit cards, despite organizations’ efforts to make that harder to do. Fast food chain Chipotle was hit by a similar hack in 2017, as was video game retailer GameStop.
Companies have technologies in-house to foil hackers, but they don’t always work. Forever 21 said its point of sales computers, which cashiers use to swipe consumers’ cards, are supposed to be encrypted. That suggests anyone intercepting the data would be unable to read it. But sometimes, that encryption was set off, Forever 21 said in its notification.